EP0935214B1 - Smart card with integrated circuit - Google Patents
- Publication number
- EP0935214B1 (EP99200263A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- register
- mode
- registers
- memory
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
Definitions
- Fig. 1 schematically shows the parts of a microprocessor that are essential to the invention.
- a program counter 10 is connected, which can be set via the data bus to a specific address and otherwise continues counting autonomously.
- for clarity, the necessary control signals are not shown individually, either for the program counter or for the other elements in this figure and in the other figures.
- the program counter 10 delivers its contents to a memory management unit MMU 14, which supplies a memory 20 with address and control signals via a connection 15.
- This memory 20 expediently consists of several memory units, namely in particular a ROM for the system program or essential parts thereof, a writable EEPROM for user programs and certain fixed data such as secret numbers and a volatile RAM, in particular for storing intermediate results in individual processing steps.
- the individual memory units are selected by control signals via the connection 15. Via a connection 29, data read out from addressed memory locations are output, or data to be written are supplied to writable memory locations.
- the MMU 14 is also directly connected to the bus 11 to supply data from the bus 11 to the memory 20 as addresses.
- the MMU 14 is connected to registers 18, which are shown here in simplified form as a block and which contain information about which memory unit is to be selected in the memory 20 and, in addition, which memory area or address area in the selected memory unit is addressed.
- the EEPROM memory unit is divided into areas, which are generally referred to as segments or pages. Each user program is assigned one or more specific segments for program information and data that are defined when the relevant user program is written. These assignments can only be changed by the system program, as will be explained later.
- An arithmetic logic unit ALU 12 is connected by one input to the bus 11.
- the internal structure of this unit which includes in particular a computing unit and an accumulator and other registers, is known per se and therefore not shown here.
- the results of this unit 12 are returned to the bus 11 again.
- some signals that occur when performing calculations such as carry signals, overflow messages, or null values, are fed via a link 13 to a register 26 which contains part of the so-called program status word.
- the second part of the program status word is contained in a register 28.
- registers 24 are provided, which can be loaded from outside the microprocessor via a connection 25 or can deliver data to the outside.
- the registers 18, 28 and 24 are interconnected via a special bus 23 which leads to a connection unit 30. To this bus 23 further registers may be connected, as indicated by the dashed line to the connection unit 30.
- the connection unit 30 is further connected to an internal bus 21, which leads to the register 26 for the one part of the program status word and to a coupling unit 22, which connects this bus 21 to the bus 11 with appropriate control via control lines not separately shown.
- the buses 21 and 23 together represent the internal bus for the special-function registers that is usual in microprocessors. These two parts form a single bus when the connection unit 30, driven via the line 27, connects the two bus parts.
- the control line 27 is connected to a certain part of the register 28 which contains a mode bit.
- the value of this bit determines if the microprocessor is operating in system or user mode.
- the connection unit 30 is driven to connect the two bus parts 21 and 23 with each other, so that a uniform bus is formed via which all registers for special functions, such as the illustrated registers 18, 24, 26 and 28 and optionally further registers not shown, are interconnected. In system mode, all registers can be accessed.
- the connection unit 30 is actuated by the corresponding other value of the mode bit via the control line 27 in order to separate the two bus parts 21 and 23. Now the registers 18, 28 and 24, as well as other registers connected to the bus 23, can no longer be accessed, neither for writing nor merely for reading.
- the transition from user mode to system mode is done by a special jump instruction which switches the mode bit in register 28 to system mode.
- the beginning of the system program is called, the essential content of which is fixed and unchangeable.
- the register 18 can be changed in order to be able to address other memory units or other segments in a memory unit in the subsequent user program.
- the mode bit is switched back in register 28, and thus the connection to the bus 23 is interrupted again via the control line 27 in the connection unit 30, so that then no access to the registers connected thereto is possible.
- Fig. 2 shows the structure of the connection unit 30 in somewhat more detail.
- the switches 302 and 304 are driven together via the control line 27.
- In the position of the switches 302 and 304 illustrated in Fig. 2, the connection is broken and the data transmitted to the bus 21 come from a fixed data line 306.
- this data value corresponds to the value of the jump instruction that jumps into system mode. Thus, if a user program attempts to access a non-permitted register, a value corresponding to the jump instruction is read out. If this value is interpreted as a command, such a forbidden access always leads into system mode, in which only specified command sequences that cannot be changed by a user are executed.
- the connection to the bus 11 leads to an address calculator 140, where the data from the bus 11 are combined, as an address, with a higher-order address part coming via the connection 19 from the register 18 in Fig. 1 and output via the connection 141.
- the connection 141 leads to a blocking unit 144 and a comparator 142.
- a second input of the comparator 142 is connected to the output of a register 32, which is likewise connected as a register for special functions to the bus 23, is accessible only in system mode, and can be loaded in system mode with a value for an address boundary.
- This address boundary is compared with, preferably, parts of the address on the connection 141, and if the address is within the predetermined limit, the blocking unit 144 is enabled by the comparator 142 via the line 141 and the address is fed via the connection 15 to the memory 20 in Fig. 1. In this way, in user mode, access to a part of a segment associated with the relevant user program can be blocked.
- Another safeguard against access to unauthorized data is shown schematically in Fig. 4. If the contents of a memory location are read out of the memory 20 in Fig. 1 and the corresponding data are output via the connection 29, these are supplied to a comparator 42 and a further blocking unit 40.
- the comparator 42 receives at a further input data from the register 18, which has been loaded via the bus 23.
- the comparator 42 checks certain parts of the data word on the connection 29 for equality with the data supplied by the register 18. Only in the case of equality is the blocking unit 40 enabled via the line 43 and the data delivered on the connection 45. These data are written, in response to corresponding control signals on control lines not separately shown, into a data register 44, which supplies these data to the bus 11, or into a command register 46, which supplies these data as a command to a command decoder, not shown.
- Fig. 5 symbolically shows the division into a protected system part 50 and an unprotected user part 60.
- in the user part 60, access to a stack memory 62 and the program counter 64 is enabled.
- one half of the program status word register 59 is available to this user part.
- the other part of this register 59 is only available to the system part 50.
- the system stack 570, 571 can be accessed via register 57, and, via an interface 52 to the special function register bus 52, registers such as the register 56 for write enabling of the memory, the register 55 for general access to the memory, the register 54 for input/output operations and a register 53 for a coprocessor, which is preferably arranged on the same chip.
- there may be other such registers, not shown.
- access to the system area 50 and to the units indicated therein is possible only if the mode bit is set. In the user area, access to the units 62 and 64 shown therein is possible, but not to the units shown in the system area 50.
- Section 71 contains the mode bit.
- Section 72 contains a bit that can be used to check the program sequence, which is especially important when creating programs.
- the content of section 73 is for register selection.
- the contents of section 74 mask interrupt requests.
- the part after the double stroke is also readable and changeable in user mode and contains two sections 75 and 76, in which carry signals arising in the ALU 12 in Fig. 1 are stored.
- the section 77 can be largely defined freely by the user program.
- the message is stored that an overflow has occurred in the ALU 12 in Fig. 1.
- Section 79 indicates that a negative result has occurred in the ALU 12, and section 80 indicates that the value zero has arisen in the calculation. Since these are only signals of the ALU 12 in Fig. 1, access to these areas must also be possible in user mode.
Description
The invention relates to a chip card with an integrated circuit containing a control unit in the form of a microprocessor and memory. Such chip cards are generally known and are used for various purposes. Frequently, such check cards are used for purposes in which security-relevant information is held on the card. This is the case, for example, with bank cards, on which credit balances or credit lines as well as personal secret numbers are stored, or with patient cards, which hold confidential information about the patient that is to be readable, for example, only after a personal secret number has been entered. Such cards are also used for access control to certain rooms or buildings. In all cases, it must be prevented that secret data can be read out of the card by fraudulent manipulation or that data on the card can be changed in an undesired way.
, a chip card with microprocessor and memory in which impermissible, i.e. unwanted, access to data in the card for reading or changing is prevented with the greatest possible security. For this purpose, a protection circuit decoupled from the actual microprocessor circuit is provided, which monitors the addresses being addressed in each case.
The object of the invention is to provide a chip card with microprocessor and memory in which the additional protection circuit can be dispensed with, but impermissible access to data is nevertheless prevented.
This object is achieved according to the invention by the characterizing part of claim 1. As a result, access to all registers and memories that hold security-relevant information is possible only in system mode. The system mode works with a permanently stored program which, of course, likewise can neither be read out nor changed from outside. This program is independent of the respective applications.
This has the advantage that such a system program needs to be checked and approved for its security-relevant functions only once. The user programs, which are created and loaded onto the card by the relevant institutions such as banks or health insurers, then do not need to be specially checked. Every access to secret data within a user program takes place exclusively via the system program. This is particularly important for chip cards that serve more than one application. The system program ensures that all the different user programs are unambiguously and reliably separated from one another and that one user program cannot access another or the data used in it.
To access secret data that is to be used legitimately in a user program, a specific jump into the system program is always triggered, which switches the mode bit. In system mode, all registers and all memory locations are accessible. On the other hand, in system mode it can be checked precisely whether the desired access is actually permitted. This check cannot be switched off even by a fraudulent user. Every input and output operation of data is treated as equivalent to an access to secret data.
The blocking of memory locations, or the release of certain memory areas for one user program at a time, is achieved in a simple manner by dividing the memory into certain areas, also called segments or pages, and different user programs are then expediently assigned different segments. The segments are determined by the content of one or more corresponding registers, which can be changed only in system mode. As a result, the memory areas of different user programs are securely delimited from one another.
In addition, within a segment, access to only a part of that segment can be released by providing additional registers that specify a boundary address within a segment. Each address, i.e. its lower-order bits, is automatically compared with the content of such a register. These registers, too, can be read and overwritten only in system mode.
Furthermore, a bit group is provided, preferably in the segment register, whose value is written into the memory location together with the data being written. On read-out, it is then checked whether the content of the corresponding area of the memory location matches this bit group. If it does not, read-out is blocked.
If a user program in user mode attempts to access a register or memory location that is not permitted for that user program, then instead of a special system message only a value can be output that corresponds to an empty memory cell, i.e. one that has not been written since the card was manufactured. In this way, a fraudulent user cannot tell whether he actually tried to access an empty memory location or a blocked one. In addition, such a value corresponds to an unconditional jump into system mode.
All non-permitted memory areas are thus blocked via registers that can be changed only in system mode. These registers form at least part of the registers for special functions, the so-called SF registers. These registers are connected to one another via a register-internal bus. In addition, this internal register bus has an interface to the internal data bus, via which data can be written from the data bus into the registers or read out from the registers onto the data bus. This register bus is now expediently divided by a switch that is closed only in system mode. This is a very simple way of blocking the corresponding registers and, indirectly, all inaccessible memory locations as well.
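The protection scheme summarised above (SF registers reachable only while the mode bit is set, segment and boundary registers, the bit group stored with each cell, and the empty-cell value returned on a blocked access) is modelled below in C. This is an added illustration, not code from the patent; the segment size, the register names, the `0xFF` empty-cell value and the helper `system_select_app` are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed parameters; the patent text fixes none of these values. */
#define SEG_SIZE   64u    /* addresses per segment */
#define NUM_SEGS   4u
#define EMPTY_CELL 0xFFu  /* assumed content of a never-written cell, also
                             used here as the "jump to system mode" opcode */

enum sfr { SFR_SEGMENT, SFR_LIMIT, SFR_TAG, SFR_COUNT };
struct cell { uint8_t data, tag; };
struct card {
    bool system_mode;                    /* mode bit of the status word */
    uint8_t sfr[SFR_COUNT];              /* registers behind the bus switch */
    struct cell mem[NUM_SEGS * SEG_SIZE];
};

void card_reset(struct card *c)
{
    c->system_mode = true;               /* assumption: reset enters system mode */
    for (unsigned i = 0; i < SFR_COUNT; i++) c->sfr[i] = 0;
    for (unsigned i = 0; i < NUM_SEGS * SEG_SIZE; i++)
        c->mem[i] = (struct cell){ EMPTY_CELL, EMPTY_CELL };
}

/* Bus switch open in user mode: writes are lost, reads see the fixed value. */
bool sfr_write(struct card *c, enum sfr r, uint8_t v)
{
    if (!c->system_mode) return false;
    c->sfr[r] = v;
    return true;
}

uint8_t sfr_read(const struct card *c, enum sfr r)
{
    return c->system_mode ? c->sfr[r] : EMPTY_CELL;
}

/* Address calculator plus comparator: the segment register supplies the high
   address part, the offset must lie below the limit register. -1 = blocked. */
static int translate(const struct card *c, uint8_t offset)
{
    if (c->sfr[SFR_SEGMENT] >= NUM_SEGS) return -1;
    if (offset >= SEG_SIZE || offset >= c->sfr[SFR_LIMIT]) return -1;
    return (int)(c->sfr[SFR_SEGMENT] * SEG_SIZE + offset);
}

bool mem_write(struct card *c, uint8_t offset, uint8_t v)
{
    int a = translate(c, offset);
    if (a < 0) return false;
    c->mem[a] = (struct cell){ v, c->sfr[SFR_TAG] };  /* tag stored with data */
    return true;
}

/* A blocked or tag-mismatched read is answered with the empty-cell value. */
uint8_t mem_read(const struct card *c, uint8_t offset)
{
    int a = translate(c, offset);
    if (a < 0 || c->mem[a].tag != c->sfr[SFR_TAG]) return EMPTY_CELL;
    return c->mem[a].data;
}

/* Hypothetical stand-in for the fixed system program: sets the mode bit,
   reloads the protected registers, then drops back to user mode. */
void system_select_app(struct card *c, uint8_t seg, uint8_t limit, uint8_t tag)
{
    c->system_mode = true;
    sfr_write(c, SFR_SEGMENT, seg);
    sfr_write(c, SFR_LIMIT, limit);
    sfr_write(c, SFR_TAG, tag);
    c->system_mode = false;
}

/* Executing a fetched byte: the empty-cell value acts as the jump into
   system mode, so a blocked fetch can only land in the system program. */
bool execute(struct card *c, uint8_t opcode)
{
    if (opcode == EMPTY_CELL) c->system_mode = true;
    return c->system_mode;
}

/* Constructed scenario; returns the number of checks that did not hold. */
int demo(void)
{
    static struct card c;
    int failures = 0;
    card_reset(&c);
    system_select_app(&c, 1, 32, 0x2);            /* app A: segment 1, tag 2 */
    mem_write(&c, 5, 0x42);
    failures += mem_read(&c, 5) != 0x42;          /* own data is readable */
    failures += mem_read(&c, 40) != EMPTY_CELL;   /* beyond the boundary */
    failures += sfr_write(&c, SFR_SEGMENT, 0);    /* user-mode write is lost */
    failures += sfr_read(&c, SFR_SEGMENT) != EMPTY_CELL;
    system_select_app(&c, 1, 32, 0x3);            /* app B: same segment, tag 3 */
    failures += mem_read(&c, 5) != EMPTY_CELL;    /* foreign tag: blocked */
    failures += mem_read(&c, 6) != EMPTY_CELL;    /* empty cell looks the same */
    return failures;
}

int main(void) { printf("failed checks: %d\n", demo()); return 0; }
```

From user mode, the blocked read at offset 5 under the second tag and the read of the never-written cell at offset 6 return the same byte, which is the indistinguishability property the description relies on.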
Embodiments of the invention are explained below with reference to the drawing. The figures show:
- Fig. 1 a block diagram of the most important parts of a microprocessor for a chip card,
- Fig. 2 the more detailed structure of a detail of it,
- Fig. 3 a block diagram for checking address boundaries,
- Fig. 4 a block diagram for checking the contents of memory locations,
- Fig. 5 a symbolic representation of the division between the protected system area and the unprotected user area,
- Fig. 6 an example of the structure of a program status word in two separate registers.
Die
The program counter 10 delivers its content to a memory management unit MMU 14, which supplies a memory 20 with address and control signals via a connection 15. This memory 20 expediently consists of several memory units, namely in particular a ROM for the system program or essential parts of it, a writable EEPROM for user programs and certain fixed data such as secret numbers, and a volatile RAM, in particular for storing intermediate results of individual processing steps. The individual memory units are selected by control signals via the connection 15. Via a connection 29, data read out from addressed memory locations are output, or data to be written are supplied to writable memory locations.
The MMU 14 is also connected directly to the bus 11 in order to supply data from the bus 11 to the memory 20 as addresses. In addition, the MMU 14 is connected to registers 18, which are shown here in simplified form as one block and which specify which memory unit in the memory 20 is to be selected and, additionally, which memory area or address area in the selected memory unit is addressed. For this purpose, the EEPROM memory unit in particular is divided into areas that are generally referred to as segments or pages. Each user program is assigned one or more specific segments for program information and data, which are fixed when the relevant user program is written in. These assignments can be changed only by the system program, as is explained later.
An arithmetic logic unit ALU 12 has an input connected to the bus 11. The internal structure of this unit, which comprises in particular an arithmetic unit and an accumulator as well as further registers, is known per se and is therefore not shown in more detail here. The results computed by this unit 12 are fed back onto the bus 11. In addition, some signals that arise while calculations are carried out, such as carry signals, overflow indications or zero values, are fed via a connection 13 to a register 26, which contains one part of the so-called program status word. The second part of the program status word is contained in a register 28.
For the input or output of data, for example from outside the chip card or from a coprocessor in the chip card or on the same chip as the microprocessor, registers 24 are provided, which can be loaded from outside the microprocessor via a connection 25 or can output data to the outside.
The registers 18, 28 and 24 are connected to one another via a special bus 23, which leads to a connection unit 30. Further registers can be connected to this bus 23, as indicated by the dashed line to the connection unit 30. The connection unit 30 is also connected to an internal bus 21, which leads to the register 26 for the one part of the program status word and to a coupling unit 22, which connects this bus 21 to the bus 11 when driven accordingly via control lines not shown separately. The buses 21 and 23 constitute the internal bus for special function registers that is customary in microprocessors. These two parts form a single bus when the connection unit 30, driven via the line 27, connects the two bus parts.
The control line 27 is connected to a specific part of the register 28 that contains a mode bit. The value of this bit determines whether the microprocessor operates in system mode or in user mode. If the value of this bit indicates system mode, the connection unit 30 is driven to connect the two bus parts 21 and 23 to each other, so that a single bus is then established via which all special function registers, such as the illustrated registers 18, 24, 26 and 28 and any further registers not shown, are connected to one another. In system mode, all registers can therefore be accessed. In user mode, the corresponding other value of the mode bit drives the connection unit 30 via the control line 27 to separate the two bus parts 21 and 23. The registers 18, 28 and 24, and any further registers connected to the bus 23, can then no longer be accessed, neither for writing nor even for reading.
The transition from user mode to system mode takes place by means of a special jump instruction, which switches the mode bit in register 28 to system mode. At the same time, the start of the system program is called, whose essential content is fixed and unalterable. In the system program, the register 18 can for example be changed in order to be able to address other memory units or other segments in a memory unit in the subsequent user program. At the end of the system program, the mode bit in register 28 is switched back again, and thus the connection to the bus 23 is interrupted again in the connection unit 30 via the control line 27, so that no access to the registers connected to it is then possible.
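The bus gating and the mode switch described above can be modelled in software as follows. This is an added illustration, not code from the patent: the register enum, the position of the mode bit, the 0xFF value returned for a blocked read, the entry address and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Special function registers of the model; numbers refer to the description. */
enum sfr {
    SFR_PSW_USER, /* register 26: carry/overflow/zero flags, on bus part 21 */
    SFR_PSW_SYS,  /* register 28: holds the mode bit, on bus part 23 */
    SFR_SEGMENT,  /* register 18: memory unit and segment selection */
    SFR_IO,       /* register 24: input/output */
    SFR_COUNT
};

#define MODE_BIT     0x80u   /* assumed bit position inside register 28 */
#define BLOCKED_READ 0xFFu   /* assumed pattern seen when the bus is cut */
#define SYSTEM_ENTRY 0x0000u /* assumed fixed start of the system program */

struct cpu {
    uint8_t  sfr[SFR_COUNT];
    uint16_t pc;
    uint16_t return_pc;
};

/* State after reset in this model: user mode, all registers cleared. */
struct cpu cpu_reset(void)
{
    struct cpu c = { {0}, 0x0100u, 0 };
    return c;
}

bool in_system_mode(const struct cpu *c)
{
    return (c->sfr[SFR_PSW_SYS] & MODE_BIT) != 0;
}

/* Connection unit 30: bus part 23 is joined to bus part 21 only while the
 * mode bit (control line 27) indicates system mode. Register 26 sits on bus
 * part 21 and therefore stays reachable in both modes. */
static bool reachable(const struct cpu *c, enum sfr r)
{
    if (r >= SFR_COUNT)
        return false;
    return r == SFR_PSW_USER || in_system_mode(c);
}

/* Returns false when the write never reaches the register. */
bool sfr_write(struct cpu *c, enum sfr r, uint8_t value)
{
    if (!reachable(c, r))
        return false;
    c->sfr[r] = value;
    return true;
}

uint8_t sfr_read(const struct cpu *c, enum sfr r)
{
    return reachable(c, r) ? c->sfr[r] : BLOCKED_READ;
}

/* The special jump instruction: sets the mode bit and, in the same step,
 * forces execution to the fixed entry of the system program. */
void system_jump(struct cpu *c)
{
    c->return_pc = c->pc;
    c->sfr[SFR_PSW_SYS] |= MODE_BIT;
    c->pc = SYSTEM_ENTRY;
}

/* End of the system program: clear the mode bit, which cuts bus part 23 off
 * again, then resume the user program. */
void system_return(struct cpu *c)
{
    c->sfr[SFR_PSW_SYS] &= (uint8_t)~MODE_BIT;
    c->pc = c->return_pc;
}
```

Because register 28 itself sits behind the gate it controls, a user program cannot set the mode bit with an ordinary register write; the only path into system mode is the jump that also transfers control to the fixed system program.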
In
In
A further safeguard against access to impermissible data is in
If data from the bus 11 via the data register 44 into the memory 20 in
In
The system area 50, with the access possibilities to the units indicated in it, is available only when the mode bit is set. In the user area, access to the units 62 and 64 shown there is possible, but not to the units shown in the system area 50.
In
The part after the double line is also readable and modifiable in user mode and contains two sections 75 and 76, in which carry signals are stored that in the ALU 12 in
Claims (7)
- A chip card with an integrated circuit provided with a control unit in the form of a microprocessor and at least one memory with a plurality of memory locations that can be accessed via addresses, characterized in that the microprocessor includes a plurality of registers of which at least a PSW register contains a program status word in which the value of at least one predetermined mode bit determines a user mode or a system mode, the access to at least parts of the PSW register as well as to all registers and memory segments that are used only in the system mode being inhibited when the mode bit indicates the user mode.
- A chip card as claimed in claim 1, in which the PSW register comprises at least a first sub-register and a second sub-register and the first sub-register contains the mode bit as well as information for the selection of one from a plurality of register blocks and can be read and modified only in the system mode.
- A chip card as claimed in claim 1 or 2, in which each interrupt request occurring in the user mode triggers a jump to the system mode which switches over the mode bit, and all registers which serve for input/output operations and for the control of control circuits coupled to the microprocessor are used only in the system mode.
- A chip card as claimed in any one of the preceding claims, in which at least one of the registers is a first segment address register which contains the address of a memory segment containing data for the current program that is being executed, and at least a further register is a second segment address register which contains the address of a preferably other memory segment and a modification of the first and the second segment address register is inhibited in the user mode.
- A chip card as claimed in any one of the preceding claims, in which further registers are address registers of which each one indicates a respective address within a memory zone indicated by the segment address register, each address register having assigned to it an associated auxiliary address register which can be modified only in the system mode and contains at least the most significant bits of the address as well as test information and there being provided a comparator which compares the test information of the auxiliary address register with information read from predetermined bit locations of the addressed memory location and, in the user mode, enables the further transport of the information read from the addressed memory location, or a modification of the information of the addressed memory location, only in the case of correspondence between the test information and the information read out.
- A chip card as claimed in any one of the preceding claims, in which from a register which is addressed in the user mode and is used only in the system mode only a predetermined bit pattern, preferably being the bit pattern of a memory location that has not been modified after the manufacture of the integrated circuit is transported.
- A chip card as claimed in any one of the preceding claims, in which the registers are connected, over a bus, to the remainder of the circuit of the microprocessor in such a manner that the registers which are used only in the system mode are arranged at the end of the bus that is remote from the microprocessor and an inhibit gate which is controlled only by the mode bit is inserted in the bus and precedes said register.
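The comparator check of the fifth claim above (auxiliary address register with test information) can be modelled as follows. This is an added illustration, not code from the patent: the memory size, the choice of the two top bits of each location as the test information, the unrestricted behaviour in system mode, the preservation of the tag bits on user writes and all names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

#define MEM_SIZE  512u
#define TAG_MASK  0xC0u /* assumed: top two bits of a location hold the test information */
#define DATA_MASK 0x3Fu

/* Auxiliary address register: high address bits plus test information. */
struct aux_reg {
    uint8_t addr_high;
    uint8_t test_info; /* compared against (cell & TAG_MASK) */
};

struct card {
    bool           system_mode;
    uint8_t        addr_low; /* address register, freely set by the user program */
    struct aux_reg aux;      /* modifiable in system mode only */
    uint8_t        mem[MEM_SIZE];
};

/* Only the system program may change the auxiliary address register. */
bool aux_load(struct card *c, uint8_t addr_high, uint8_t test_info)
{
    if (!c->system_mode)
        return false;
    c->aux.addr_high = addr_high;
    c->aux.test_info = (uint8_t)(test_info & TAG_MASK);
    return true;
}

/* Full address: high bits from the auxiliary register, low bits from the
 * address register. Out-of-range addresses are rejected. */
static bool resolve(const struct card *c, uint16_t *addr)
{
    *addr = (uint16_t)((c->aux.addr_high << 8) | c->addr_low);
    return *addr < MEM_SIZE;
}

/* Comparator: in user mode the access proceeds only if the tag bits of the
 * addressed location equal the test information. */
static bool comparator_ok(const struct card *c, uint16_t addr)
{
    return c->system_mode || (c->mem[addr] & TAG_MASK) == c->aux.test_info;
}

bool mem_read(const struct card *c, uint8_t *out)
{
    uint16_t addr;
    if (!resolve(c, &addr) || !comparator_ok(c, addr))
        return false; /* nothing is transported further */
    *out = c->system_mode ? c->mem[addr]
                          : (uint8_t)(c->mem[addr] & DATA_MASK);
    return true;
}

bool mem_write(struct card *c, uint8_t value)
{
    uint16_t addr;
    if (!resolve(c, &addr) || !comparator_ok(c, addr))
        return false; /* location left unmodified */
    if (c->system_mode)
        c->mem[addr] = value; /* system program writes tag and data */
    else /* assumed: a user write cannot change the tag bits */
        c->mem[addr] = (uint8_t)((c->mem[addr] & TAG_MASK) | (value & DATA_MASK));
    return true;
}
```

With this model, a user program that moves its address register onto a location tagged for another application gets neither the data nor a write, even though the address lies inside the same memory zone.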
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19804784 | 1998-02-06 | ||
DE19804784A DE19804784A1 (en) | 1998-02-06 | 1998-02-06 | Chip card with integrated circuit |
Publications (3)
Publication Number | Publication Date |
---|---|
EP0935214A2 (en) | 1999-08-11 |
EP0935214A3 (en) | 2002-08-14 |
EP0935214B1 (en) | 2008-12-03 |
Family
ID=7856868
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP99200263A Expired - Lifetime EP0935214B1 (en) | 1998-02-06 | 1999-01-29 | Smart card with integrated circuit |
Country Status (4)
Country | Link |
---|---|
US (2) | US6594746B2 (en) |
EP (1) | EP0935214B1 (en) |
JP (1) | JP4559552B2 (en) |
DE (2) | DE19804784A1 (en) |
1998
- 1998-02-06 DE DE19804784A patent/DE19804784A1/en not_active Withdrawn
1999
- 1999-01-29 EP EP99200263A patent/EP0935214B1/en not_active Expired - Lifetime
- 1999-01-29 DE DE59914917T patent/DE59914917D1/en not_active Expired - Lifetime
- 1999-02-05 US US09/246,662 patent/US6594746B2/en not_active Expired - Lifetime
- 1999-02-08 JP JP03002499A patent/JP4559552B2/en not_active Expired - Lifetime
2003
- 2003-04-16 US US10/414,915 patent/US6754794B2/en not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
JPH11272828A (en) | 1999-10-08 |
US6594746B2 (en) | 2003-07-15 |
US6754794B2 (en) | 2004-06-22 |
US20020169943A1 (en) | 2002-11-14 |
DE59914917D1 (en) | 2009-01-15 |
DE19804784A1 (en) | 1999-08-12 |
JP4559552B2 (en) | 2010-10-06 |
US20030196054A1 (en) | 2003-10-16 |
EP0935214A3 (en) | 2002-08-14 |
EP0935214A2 (en) | 1999-08-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
| AX | Request for extension of the european patent | Free format text: AL;LT;LV;MK;RO;SI |
| RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: KONINKLIJKE PHILIPS ELECTRONICS N.V. Owner name: PHILIPS CORPORATE INTELLECTUAL PROPERTY GMBH |
| PUAL | Search report despatched | Free format text: ORIGINAL CODE: 0009013 |
| AK | Designated contracting states | Kind code of ref document: A3 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
| AX | Request for extension of the european patent | Free format text: AL;LT;LV;MK;RO;SI |
| RIC1 | Information provided on ipc code assigned before grant | Free format text: 7G 06K 19/073 A, 7G 07F 7/10 B |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: KONINKLIJKE PHILIPS ELECTRONICS N.V. Owner name: PHILIPS CORPORATE INTELLECTUAL PROPERTY GMBH |
| 17P | Request for examination filed | Effective date: 20030214 |
| AKX | Designation fees paid | Designated state(s): DE FR GB IT |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: KONINKLIJKE PHILIPS ELECTRONICS N.V. Owner name: PHILIPS INTELLECTUAL PROPERTY & STANDARDS GMBH |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NXP B.V. |
| GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
| GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
| GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
| AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): DE FR GB IT |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
| REF | Corresponds to: | Ref document number: 59914917 Country of ref document: DE Date of ref document: 20090115 Kind code of ref document: P |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20090507 AND 20090513 |
| PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
| 26N | No opposition filed | Effective date: 20090904 |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20101007 AND 20101013 |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20081203 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: GC |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20111013 AND 20111019 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: AU Effective date: 20120126 |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20120315 AND 20120321 |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20120705 AND 20120711 |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20120927 AND 20121003 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: AU Effective date: 20121009 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: AU Effective date: 20130402 |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20130606 AND 20130612 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 18 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 19 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 20 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: FR Payment date: 20171221 Year of fee payment: 20 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: GB Payment date: 20171222 Year of fee payment: 20 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DE Payment date: 20171218 Year of fee payment: 20 |
| REG | Reference to a national code | Ref country code: DE Ref legal event code: R071 Ref document number: 59914917 Country of ref document: DE |
| REG | Reference to a national code | Ref country code: GB Ref legal event code: PE20 Expiry date: 20190128 |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GB Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION Effective date: 20190128 |